How to subtly "break" network on a Cisco device

We are looking to set up some testing tomorrow for a few net admins and I'm trying to figure out ways that will force admins to use troubleshooting techniques rather than referencing a known good running config. For example, I can put incorrect AS numbers in there all day, change IPs, shut ports, change speeds, etc., but I'm looking for other things that can be changed on the router that will break connectivity (both WAN/LAN) and that will force the admin to use commands to arrive at the problem rather than a known good.

Anyone have any ideas? I can't really divulge network configurations to allow for very specific responses but I'd appreciate any input you can give. Please try to provide a command and what it does. I can ? through it to tailor it to our needs. Thank you.

VIP Mentor

One thing you could try is to restrict what they can view in the network: set them up with a priv 2 username account or something similar and block show run, so they will have to use the more specific commands when you break things in the network. This makes it harder for them, as they can't just check the show run for a quick fix.

Set up some dummy IGP neighbors and set the timers wrong to get them flapping, get them to test source-to-destination IPs, put QoS in place with ACLs and route-maps, restrict/police/drop/redirect certain traffic types with both, and restrict the commands they can use to troubleshoot the issues.



I was also thinking of simulating a device starting in ROMMON. Just wanted to be sure I had the steps right...


(get device into ROMMON)

configure-register 0x2120



(boot back up from flash)

confreg 0x2102




Am I missing any commands there?

VIP Mentor

No, that should work fine. You might need to save the setting, though, when enabled, so it takes the 0x2120. I have not really tried to force a device into ROMMON before, usually the other way around :)


Duplicating the router ID might bring up a lot of surprising results. If the admin is not familiar with network administration and googles problems on forums instead of diagnosing them, then he might go far away from the solution. But this requires 100+ nodes in the routing protocol.
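
As an added example (not part of any post in this thread), the two routing faults suggested above, mismatched IGP timers and a duplicated router ID, can be found by auditing collected configs offline. The sketch assumes OSPF as the IGP, Ethernet default timers of 10/40 seconds, and constructed configs; all hostnames, addresses and router IDs are made up.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed lab configs: hostnames, addresses, timers and router IDs are made up.
CONFIGS = {
    "R1": "interface GigabitEthernet0/0\n ip address 10.0.12.1 255.255.255.252\n"
          "router ospf 1\n router-id 1.1.1.1\n",
    "R2": "interface GigabitEthernet0/0\n ip address 10.0.12.2 255.255.255.252\n"
          " ip ospf hello-interval 5\n"
          "interface GigabitEthernet0/1\n ip address 10.0.23.1 255.255.255.252\n"
          "router ospf 1\n router-id 2.2.2.2\n",
    "R3": "interface GigabitEthernet0/1\n ip address 10.0.23.2 255.255.255.252\n"
          "router ospf 1\n router-id 1.1.1.1\n",
}

def parse(cfg):
    """Return (router_id, {subnet: (hello, dead)}); an unset dead is 4 x hello."""
    rid, links, cur = None, {}, None
    for line in map(str.strip, cfg.splitlines()):
        if line.startswith("interface "):
            cur = None  # timers only apply to the interface they sit under
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            cur = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
            links[cur] = {"hello": 10, "dead": None}  # assumed Ethernet default
        elif (m := re.match(r"ip ospf (hello|dead)-interval (\d+)$", line)) and cur is not None:
            links[cur][m[1]] = int(m[2])
        elif m := re.match(r"router-id (\S+)$", line):
            rid = m[1]
    return rid, {n: (t["hello"], t["dead"] or 4 * t["hello"]) for n, t in links.items()}

def audit(configs):
    """Report router IDs used twice and subnets whose peers disagree on timers."""
    by_rid, by_net, findings = defaultdict(list), defaultdict(dict), []
    for host, cfg in configs.items():
        rid, links = parse(cfg)
        by_rid[rid].append(host)
        for net, timers in links.items():
            by_net[net][host] = timers
    for rid, hosts in by_rid.items():
        if rid and len(hosts) > 1:
            findings.append(f"duplicate router-id {rid}: {', '.join(sorted(hosts))}")
    for net, peers in by_net.items():
        if len(set(peers.values())) > 1:
            shown = ", ".join(f"{h}={t[0]}/{t[1]}" for h, t in sorted(peers.items()))
            findings.append(f"timer mismatch on {net}: {shown}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(CONFIGS)))
```

The same comparison is what an admin reconstructs by hand from per-interface and per-neighbor show commands when `show run` is unavailable.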

